If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Threaded View

WgaTray.exe (Windows Genuine Validation)

Apparently Winpatrol does not list this file at startup:

Wednesday, May 31, 2006
WgaTray.exe opens security hole

It’s called Windows Genuine Advantage. I’ve received a couple Emails about the file WgaTray.exe which was part of this weeks Windows Update. Some questioned how this file was able to run on startup but isn’t listed by WinPatrol or other programs as an AutoStartup program.

Well, the answer is simple; this program is part of the Windows Operating system. After Windows starts it looks for this file in the system32 folder and runs it. Unfortunately, there’s a serious problem in with the way how Microsoft has implemented their anti-piracy system. The way Windows handles this file opens up a big security hole that most programs won’t plug. Any malicious program can delete the WgaTray.exe and replace it with its own malware using the same name. Windows does nothing to verify this program before running it the next time you reboot.

You can also find a discussion at Broadband Reports.com http://www.dslreports.com/forum/remark,15963038 The topic of the discussion is more about flaws in Windows piracy then security. If you have your system set for auto-updates the newest version of WgaTray.exe will have been downloaded this week.